feat(client-iam): Updated IAM ServiceSpecificCredential support to include expiration, API Key output format instead of username and password for services that will support API keys, and the ability to list credentials for all users in the account for a given service configuration.

Author: awstools

clients/client-iam/src/commands/ChangePasswordCommand.ts

@@ -32,10 +32,11 @@ export interface ChangePasswordCommandOutput extends __MetadataBearer {}
  *             can be performed using the CLI, the Amazon Web Services API, or the <b>My
  *                 Security Credentials</b> page in the Amazon Web Services Management Console. The Amazon Web Services account root user password is
  *             not affected by this operation.</p>
- *          <p>Use <a>UpdateLoginProfile</a> to use the CLI, the Amazon Web Services API, or the
- *                 <b>Users</b> page in the IAM console to change the
- *             password for any IAM user. For more information about modifying passwords, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html">Managing
- *                 passwords</a> in the <i>IAM User Guide</i>.</p>
+ *          <p>Use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateLoginProfile.html">UpdateLoginProfile</a>
+ *             to use the CLI, the Amazon Web Services API, or the <b>Users</b> page in
+ *             the IAM console to change the password for any IAM user. For more information about
+ *             modifying passwords, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html">Managing passwords</a> in the
+ *                 <i>IAM User Guide</i>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-iam/src/commands/CreateAccessKeyCommand.ts

@@ -61,7 +61,7 @@ export interface CreateAccessKeyCommandOutput extends CreateAccessKeyResponse, _
  * //   AccessKey: { // AccessKey
  * //     UserName: "STRING_VALUE", // required
  * //     AccessKeyId: "STRING_VALUE", // required
- * //     Status: "Active" || "Inactive", // required
+ * //     Status: "Active" || "Inactive" || "Expired", // required
  * //     SecretAccessKey: "STRING_VALUE", // required
  * //     CreateDate: new Date("TIMESTAMP"),
  * //   },

clients/client-iam/src/commands/CreateLoginProfileCommand.ts

@@ -35,7 +35,7 @@ export interface CreateLoginProfileCommandOutput extends CreateLoginProfileRespo
  * <p>Creates a password for the specified IAM user. A password allows an IAM user to
  *             access Amazon Web Services services through the Amazon Web Services Management Console.</p>
  *          <p>You can use the CLI, the Amazon Web Services API, or the <b>Users</b>
- *             page in the IAM console to create a password for any IAM user. Use <a>ChangePassword</a> to update your own existing password in the <b>My Security Credentials</b> page in the Amazon Web Services Management Console.</p>
+ *             page in the IAM console to create a password for any IAM user. Use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html">ChangePassword</a> to update your own existing password in the <b>My Security Credentials</b> page in the Amazon Web Services Management Console.</p>
  *          <p>For more information about managing passwords, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html">Managing passwords</a> in the
  *                 <i>IAM User Guide</i>.</p>
  * @example

clients/client-iam/src/commands/CreateOpenIDConnectProviderCommand.ts

@@ -68,7 +68,7 @@ export interface CreateOpenIDConnectProviderCommandOutput
  *          </note>
  *          <note>
  *             <p>The trust for the OIDC provider is derived from the IAM provider that this
- *                 operation creates. Therefore, it is best to limit access to the <a>CreateOpenIDConnectProvider</a> operation to highly privileged
+ *                 operation creates. Therefore, it is best to limit access to the <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html">CreateOpenIDConnectProvider</a> operation to highly privileged
  *                 users.</p>
  *          </note>
  * @example

clients/client-iam/src/commands/CreatePolicyVersionCommand.ts

@@ -30,7 +30,7 @@ export interface CreatePolicyVersionCommandOutput extends CreatePolicyVersionRes
 /**
  * <p>Creates a new version of the specified managed policy. To update a managed policy, you
  *             create a new policy version. A managed policy can have up to five versions. If the
- *             policy has five versions, you must delete an existing version using <a>DeletePolicyVersion</a> before you create a new version.</p>
+ *             policy has five versions, you must delete an existing version using <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html">DeletePolicyVersion</a> before you create a new version.</p>
  *          <p>Optionally, you can set the new version as the policy's default version. The default
  *             version is the version that is in effect for the IAM users, groups, and roles to which
  *             the policy is attached.</p>

clients/client-iam/src/commands/CreateServiceSpecificCredentialCommand.ts

@@ -42,11 +42,9 @@ export interface CreateServiceSpecificCredentialCommandOutput
  *             IAM, and can be used only for the specified service. </p>
  *          <p>You can have a maximum of two sets of service-specific credentials for each supported
  *             service per user.</p>
- *          <p>You can create service-specific credentials for CodeCommit and Amazon Keyspaces (for Apache
- *             Cassandra).</p>
- *          <p>You can reset the password to a new service-generated value by calling <a>ResetServiceSpecificCredential</a>.</p>
- *          <p>For more information about service-specific credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html">Using IAM
- *                 with CodeCommit: Git credentials, SSH keys, and Amazon Web Services access keys</a> in the
+ *          <p>You can create service-specific credentials for Amazon Bedrock, CodeCommit and Amazon Keyspaces (for Apache Cassandra).</p>
+ *          <p>You can reset the password to a new service-generated value by calling <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html">ResetServiceSpecificCredential</a>.</p>
+ *          <p>For more information about service-specific credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bedrock.html">Service-specific credentials for IAM users</a> in the
  *                 <i>IAM User Guide</i>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
@@ -57,18 +55,22 @@ export interface CreateServiceSpecificCredentialCommandOutput
  * const input = { // CreateServiceSpecificCredentialRequest
  *   UserName: "STRING_VALUE", // required
  *   ServiceName: "STRING_VALUE", // required
+ *   CredentialAgeDays: Number("int"),
  * };
  * const command = new CreateServiceSpecificCredentialCommand(input);
  * const response = await client.send(command);
  * // { // CreateServiceSpecificCredentialResponse
  * //   ServiceSpecificCredential: { // ServiceSpecificCredential
  * //     CreateDate: new Date("TIMESTAMP"), // required
+ * //     ExpirationDate: new Date("TIMESTAMP"),
  * //     ServiceName: "STRING_VALUE", // required
- * //     ServiceUserName: "STRING_VALUE", // required
- * //     ServicePassword: "STRING_VALUE", // required
+ * //     ServiceUserName: "STRING_VALUE",
+ * //     ServicePassword: "STRING_VALUE",
+ * //     ServiceCredentialAlias: "STRING_VALUE",
+ * //     ServiceCredentialSecret: "STRING_VALUE",
  * //     ServiceSpecificCredentialId: "STRING_VALUE", // required
  * //     UserName: "STRING_VALUE", // required
- * //     Status: "Active" || "Inactive", // required
+ * //     Status: "Active" || "Inactive" || "Expired", // required
  * //   },
  * // };
  *

clients/client-iam/src/commands/CreateVirtualMFADeviceCommand.ts

@@ -33,9 +33,10 @@ export interface CreateVirtualMFADeviceCommandOutput extends CreateVirtualMFADev
 
 /**
  * <p>Creates a new virtual MFA device for the Amazon Web Services account. After creating the virtual
- *             MFA, use <a>EnableMFADevice</a> to attach the MFA device to an IAM user.
- *             For more information about creating and working with virtual MFA devices, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html">Using a virtual MFA
- *                 device</a> in the <i>IAM User Guide</i>.</p>
+ *             MFA, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html">EnableMFADevice</a> to
+ *             attach the MFA device to an IAM user. For more information about creating and working
+ *             with virtual MFA devices, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html">Using a virtual MFA device</a> in the
+ *                 <i>IAM User Guide</i>.</p>
  *          <p>For information about the maximum number of MFA devices you can create, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html">IAM and STS
  *                 quotas</a> in the <i>IAM User Guide</i>.</p>
  *          <important>

clients/client-iam/src/commands/DeleteGroupPolicyCommand.ts

@@ -31,8 +31,8 @@ export interface DeleteGroupPolicyCommandOutput extends __MetadataBearer {}
  * <p>Deletes the specified inline policy that is embedded in the specified IAM
  *             group.</p>
  *          <p>A group can also have managed policies attached to it. To detach a managed policy from
- *             a group, use <a>DetachGroupPolicy</a>. For more information about policies,
- *             refer to <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
+ *             a group, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html">DetachGroupPolicy</a>.
+ *             For more information about policies, refer to <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
  *                 policies</a> in the <i>IAM User Guide</i>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-iam/src/commands/DeleteLoginProfileCommand.ts

@@ -28,18 +28,19 @@ export interface DeleteLoginProfileCommandInput extends DeleteLoginProfileReques
 export interface DeleteLoginProfileCommandOutput extends __MetadataBearer {}
 
 /**
- * <p>Deletes the password for the specified IAM user, For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html">Managing
+ * <p>Deletes the password for the specified IAM user or root user, For more information, see
+ *                 <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html">Managing
  *                 passwords for IAM users</a>.</p>
  *          <p>You can use the CLI, the Amazon Web Services API, or the <b>Users</b>
- *             page in the IAM console to delete a password for any IAM user. You can use <a>ChangePassword</a> to update, but not delete, your own password in the
+ *             page in the IAM console to delete a password for any IAM user. You can use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html">ChangePassword</a> to update, but not delete, your own password in the
  *                 <b>My Security Credentials</b> page in the
  *             Amazon Web Services Management Console.</p>
  *          <important>
  *             <p>Deleting a user's password does not prevent a user from accessing Amazon Web Services through
  *                 the command line interface or the API. To prevent all user access, you must also
  *                 either make any access keys inactive or delete them. For more information about
- *                 making keys inactive or deleting them, see <a>UpdateAccessKey</a> and
- *                     <a>DeleteAccessKey</a>.</p>
+ *                 making keys inactive or deleting them, see <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccessKey.html">UpdateAccessKey</a>
+ *                 and <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html">DeleteAccessKey</a>.</p>
  *          </important>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-iam/src/commands/DeletePolicyCommand.ts

@@ -36,15 +36,13 @@ export interface DeletePolicyCommandOutput extends __MetadataBearer {}
  *          <ul>
  *             <li>
  *                <p>Detach the policy from all users, groups, and roles that the policy is
- *                     attached to, using <a>DetachUserPolicy</a>, <a>DetachGroupPolicy</a>, or <a>DetachRolePolicy</a>. To
- *                     list all the users, groups, and roles that a policy is attached to, use <a>ListEntitiesForPolicy</a>.</p>
+ *                     attached to, using <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html">DetachUserPolicy</a>, <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html">DetachGroupPolicy</a>, or <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html">DetachRolePolicy</a>. To list all the users, groups, and roles that a
+ *                     policy is attached to, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html">ListEntitiesForPolicy</a>.</p>
  *             </li>
  *             <li>
- *                <p>Delete all versions of the policy using <a>DeletePolicyVersion</a>.
- *                     To list the policy's versions, use <a>ListPolicyVersions</a>. You
- *                     cannot use <a>DeletePolicyVersion</a> to delete the version that is
- *                     marked as the default version. You delete the policy's default version in the
- *                     next step of the process.</p>
+ *                <p>Delete all versions of the policy using <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html">DeletePolicyVersion</a>. To list the policy's versions, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html">ListPolicyVersions</a>. You cannot use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html">DeletePolicyVersion</a> to delete the version that is marked as the
+ *                     default version. You delete the policy's default version in the next step of the
+ *                     process.</p>
  *             </li>
  *             <li>
  *                <p>Delete the policy (this automatically deletes the policy's default version)

clients/client-iam/src/commands/DeletePolicyVersionCommand.ts

@@ -30,8 +30,8 @@ export interface DeletePolicyVersionCommandOutput extends __MetadataBearer {}
 /**
  * <p>Deletes the specified version from the specified managed policy.</p>
  *          <p>You cannot delete the default version from a policy using this operation. To delete
- *             the default version from a policy, use <a>DeletePolicy</a>. To find out which
- *             version of a policy is marked as the default version, use <a>ListPolicyVersions</a>.</p>
+ *             the default version from a policy, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicy.html">DeletePolicy</a>. To find
+ *             out which version of a policy is marked as the default version, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html">ListPolicyVersions</a>.</p>
  *          <p>For information about versions for managed policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html">Versioning for managed
  *                 policies</a> in the <i>IAM User Guide</i>.</p>
  * @example

clients/client-iam/src/commands/DeleteRoleCommand.ts

@@ -34,17 +34,17 @@ export interface DeleteRoleCommandOutput extends __MetadataBearer {}
  *             following attached items: </p>
  *          <ul>
  *             <li>
- *                <p>Inline policies (<a>DeleteRolePolicy</a>)</p>
+ *                <p>Inline policies (<a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html">DeleteRolePolicy</a>)</p>
  *             </li>
  *             <li>
- *                <p>Attached managed policies (<a>DetachRolePolicy</a>)</p>
+ *                <p>Attached managed policies (<a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html">DetachRolePolicy</a>)</p>
  *             </li>
  *             <li>
- *                <p>Instance profile (<a>RemoveRoleFromInstanceProfile</a>)</p>
+ *                <p>Instance profile (<a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveRoleFromInstanceProfile.html">RemoveRoleFromInstanceProfile</a>)</p>
  *             </li>
  *             <li>
  *                <p>Optional – Delete instance profile after detaching from role for
- *                     resource clean up (<a>DeleteInstanceProfile</a>)</p>
+ *                     resource clean up (<a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteInstanceProfile.html">DeleteInstanceProfile</a>)</p>
  *             </li>
  *          </ul>
  *          <important>

clients/client-iam/src/commands/DeleteRolePolicyCommand.ts

@@ -31,8 +31,8 @@ export interface DeleteRolePolicyCommandOutput extends __MetadataBearer {}
  * <p>Deletes the specified inline policy that is embedded in the specified IAM
  *             role.</p>
  *          <p>A role can also have managed policies attached to it. To detach a managed policy from
- *             a role, use <a>DetachRolePolicy</a>. For more information about policies,
- *             refer to <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
+ *             a role, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html">DetachRolePolicy</a>.
+ *             For more information about policies, refer to <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
  *                 policies</a> in the <i>IAM User Guide</i>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-iam/src/commands/DeleteServiceLinkedRoleCommand.ts

@@ -36,7 +36,7 @@ export interface DeleteServiceLinkedRoleCommandOutput extends DeleteServiceLinke
  *             is not complete, then the <code>DeletionTaskId</code> of the earlier request is
  *             returned.</p>
  *          <p>If you submit a deletion request for a service-linked role whose linked service is
- *             still accessing a resource, then the deletion task fails. If it fails, the <a>GetServiceLinkedRoleDeletionStatus</a> operation returns the reason for the
+ *             still accessing a resource, then the deletion task fails. If it fails, the <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLinkedRoleDeletionStatus.html">GetServiceLinkedRoleDeletionStatus</a> operation returns the reason for the
  *             failure, usually including the resources that must be deleted. To delete the
  *             service-linked role, you must first remove those resources from the linked service and
  *             then submit the deletion request again. Resources are specific to the service that is